Cyber Security is a protection offered to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
WHY DO YOU NEED ONE?
Hackers intrude into systems to get hold of sensitive information and sell it for a price. There have been many instances where well-established organizations, such as financial institutions, lost valuable customer information. Some of them are:
• Hong Kong Stock Exchange (Aug 2011) — DDoS through BOTNET
• PenFed (Dec 2010) — Malware from infected laptop
• CitySights (Sep 2010) — SQL injection
• EU Carbon Trading Exchange (Jan 2011) — Phishing
Similarly, many other retail companies and government organizations have been hacked. Losing sensitive data is a loss of trust for any organization.
WHAT IS CIA?
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
AND, SOME MORE:
Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture:
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.
Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
GUARD AGAINST WHAT?
There are different ways you can be exposed to a security threat; here is a list of some of them:
• Unauthorized Disclosure
• Exposure, Interception, Inference, Intrusion
• Masquerade, Falsification, Repudiation
• Incapacitation, Corruption, Obstruction
• Misappropriation, Misuse
Hardware: A major threat is the threat to availability. Hardware is the most vulnerable to attack and the least susceptible to automated controls. Threats include accidental and deliberate damage to equipment as well as theft. Theft of CD-ROMs and DVDs can lead to loss of confidentiality. Physical and administrative security measures are needed to deal with these threats.
Software: Includes the operating system, utilities, and application programs. A key threat is an attack on availability. Software is often easy to delete. Software can also be altered or damaged to render it useless. Careful software configuration management can maintain high availability. A more difficult problem is software modification (e.g. from virus/worm) that results in a program that still functions but that behaves differently than before, which is a threat to integrity/authenticity.
Data: Involves files and other forms of data controlled by individuals, groups, and business organizations. Security concerns with respect to data are broad, encompassing availability, confidentiality, and integrity. In the case of availability, the concern is with the destruction of data files, which can occur either accidentally or maliciously. The obvious concern with confidentiality is the unauthorized reading of data files or databases. A less obvious secrecy threat involves the analysis of data and manifests itself in the use of so-called statistical databases, which provide summary or aggregate information. Finally, data integrity is a major concern in most installations. Modifications to data files can have consequences ranging from minor to disastrous.
Networks: Involves routers, switches, and other firmware. Must guard against passive and active attacks.
• Passive attacks are eavesdropping
  • Release of message contents
  • Traffic analysis
  • Are hard to detect, so aim to prevent
• Active attacks modify/fake data
  • Denial of Service
  • Hard to prevent, so aim to detect
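The integrity and authenticity definitions above, and the closing point that active attacks are hard to prevent and so must be detected, are easiest to see in a small receiver that checks each incoming frame. The following is an added example, not code from the original notes: it uses only the Python standard library (hmac, hashlib, struct) to attach an HMAC-SHA256 tag and a sequence number to each message, so that a modified or forged frame (integrity/authenticity failure) and a replayed frame (an active attack that repeats a genuine message) are both detected. The key, the message text and the frame layout are constructed for the demonstration; a real system would distribute the key out of band and would add encryption for confidentiality, which this example does not cover.

```python
import hmac
import hashlib
import struct

# Constructed demo key (hypothetical; never hard-code a real key like this).
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
TAG_LEN = 32  # HMAC-SHA256 digest length in bytes
SEQ_LEN = 4   # big-endian unsigned 32-bit sequence number


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a frame: seq (4 bytes) || payload || HMAC-SHA256(seq || payload).

    The tag covers both the sequence number and the payload, so neither can
    be altered without invalidating it; the sequence number lets the
    receiver notice an old but otherwise valid frame being replayed.
    """
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts frames in order and rejects modified, forged or replayed ones."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity failure: tag mismatch (modified or forged frame)")
        (seq,) = struct.unpack(">I", body[:SEQ_LEN])
        if seq <= self.last_seq:
            raise ValueError(f"replay detected: seq {seq} not newer than {self.last_seq}")
        self.last_seq = seq
        return body[SEQ_LEN:]


def _detected(receiver: Receiver, frame: bytes) -> bool:
    """True if the receiver rejected the frame, False if it was accepted."""
    try:
        receiver.accept(frame)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Run one genuine frame and two active-attack scenarios against a receiver."""
    rx = Receiver(DEMO_KEY)
    message = b"transfer 100 to account A"  # constructed sample payload

    # 1. Genuine frame from the legitimate sender: accepted.
    genuine = protect(DEMO_KEY, 1, message)
    genuine_ok = rx.accept(genuine) == message

    # 2. Modification in transit: flip one bit of the amount ("100" -> "000").
    tampered = bytearray(protect(DEMO_KEY, 2, message))
    tampered[SEQ_LEN + len(b"transfer ")] ^= 0x01
    tampered_detected = _detected(rx, bytes(tampered))

    # 3. Replay: the attacker re-sends the genuine frame (seq 1) unchanged.
    replay_detected = _detected(rx, genuine)

    return {
        "genuine": genuine_ok,
        "tampered_detected": tampered_detected,
        "replay_detected": replay_detected,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note that neither check stops an attacker from sending the frames; it only ensures the receiver notices and discards them, which is exactly the "aim to detect" posture the notes describe for active attacks. Passive eavesdropping leaves no trace in these frames at all, so confidentiality still has to come from prevention (encryption), as the notes state.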